A low and slow attack is a type of denial-of-service (DoS) attack designed to evade detection by sending application traffic, most commonly HTTP requests, that appears legitimate but arrives at a very slow rate. Also known as slow-rate attacks, low and slow attacks require little bandwidth and may be launched from a single computer or with a botnet. Traffic from this type of attack is difficult to detect because it looks like legitimate OSI model Layer 7 (application layer) traffic and is not sent at a rate that triggers volumetric security alerts.
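
The detection gap described above, as an added example that is not part of the original page: a per-source volumetric check and a minimum-data-rate check run over the same constructed connection snapshot. The `Conn` record, the thresholds and the sample addresses (documentation ranges) are all assumptions chosen for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Conn:
    src: str        # client address (documentation ranges, constructed)
    opened: float   # seconds since capture start
    bytes_in: int   # request bytes received so far
    complete: bool  # True once the full request has arrived

# Assumed thresholds, chosen for illustration only.
MAX_CONNS_PER_SEC = 20    # volumetric alert: new connections per source per second
MIN_BYTES_PER_SEC = 50    # slowest request data rate still treated as normal
GRACE_SECONDS = 10        # do not judge connections younger than this
MIN_SLOW_CONNS = 5        # stalled connections per source before alerting

def sample_connections():
    """Constructed snapshot of a server's connection table at t=60s."""
    conns = [Conn(f"203.0.113.{i}", float(t), 450, True)
             for i, t in enumerate(range(0, 60, 2), 1)]         # ordinary clients
    conns += [Conn("198.51.100.7", i * 1.5, 180 + i, False)
              for i in range(40)]                                # one source, many slow requests
    conns.append(Conn("192.0.2.50", 30.0, 60000, False))        # slow but progressing upload
    conns.append(Conn("192.0.2.51", 57.0, 120, False))          # too new to judge
    return conns

def volumetric_alerts(conns, window):
    """Sources whose connection rate over the window exceeds the volumetric limit."""
    per_src = Counter(c.src for c in conns)
    return {s for s, n in per_src.items() if n / window > MAX_CONNS_PER_SEC}

def slow_rate_alerts(conns, now):
    """Sources holding several incomplete requests open below the minimum data rate."""
    stalled = Counter()
    for c in conns:
        age = now - c.opened
        if c.complete or age < GRACE_SECONDS:
            continue
        if c.bytes_in / age < MIN_BYTES_PER_SEC:
            stalled[c.src] += 1
    return {s: n for s, n in stalled.items() if n >= MIN_SLOW_CONNS}

if __name__ == "__main__":
    conns = sample_connections()
    print("volumetric:", volumetric_alerts(conns, window=60.0))
    print("slow-rate: ", slow_rate_alerts(conns, now=60.0))
```

The volumetric check reports nothing because the slow source stays under one connection per second, while the data-rate check flags it and leaves the slow but progressing upload alone.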

Brute-force attacks may also use a low and slow methodology, attempting to gain unauthorized access to an account or system by guessing the username and password at a relatively slow rate to avoid detection or a lockout. Attackers conduct such attacks using large networks of infected or compromised hosts, typically ranging from thousands to millions of bots.